The Australian Node enables the routine sharing of genetic variation data in a responsible manner. Our processes protect the confidentiality of patients whose data has been contributed to the Node and are sensitive to privacy issues and concerns.

Privacy

Privacy (a domain within which individuals and groups are entitled to be free from the scrutiny of others) of Australians undergoing genetic testing and contributing to research projects is maintained through the use of de-identified linkage keys.

Although generated from personally identifying information to enable data linkage at the patient level, these keys are generated in a non-reversible fashion inside the internal computer networks of the participating laboratories. No personally identifying information is ever transmitted or stored in the Node repository.

The Office of the Federal Privacy Commissioner has issued guidance that specifically states that:

The APPs [Australian Privacy Principles] do not apply to de-identified information or statistical data sets, which would not allow individuals to be identified.

In cases where the Privacy Act 1988 (Cth) and thus the National Privacy Principles do not apply—e.g. State departments, bodies and agencies—the Australian Node asks each individual laboratory contributing data to determine the extent to which their desired level of disclosure complies with the relevant legislation or administrative guideline they operate under. Generally speaking, these schemes make use of similar definitions of personal information and have similar allowances for secondary use of data if directly related to the primary purpose or related to the quality of the health service received by the consumer.

Confidentiality

De-identified linkage keys further protect patient confidentiality (the obligation of people not to use private information…for any purpose other than that for which it was given to them) because no personally identifying information is held by the Australian Node. In the event of a data breach occurring, individual identities of patients could not be reasonably ascertained. Further to this, Data Access Policy and review processes strictly define and enforce the ways that data in the Node repository can be used.

Ethics

In Australia, data about humans that is to be collected and/or used for research must be handled in compliance with the National Statement on Ethical Conduct in Human Research. The Australian Node complies with the National Statement and only makes data available for research use that has been approved for such use by the submitting laboratory.

Consent

Under the National Statement, data contributed to and held by the Australian Node would be considered non-identifiable data: the National Statement states:

A subset of non-identifiable data are those that can be linked with other data so it can be known that they are about the same data subject, although the person’s identity remains unknown.

As “research that uses collections of non-identifiable data and involves negligible risk” may “be exempted from ethical review,” participating laboratories must determine if ethical review is necessary in their specific circumstances for them to contribute data. We recommend that ethical review be undertaken and mandates that laboratories obtain “extended” or “undisclosed” consent for all data released to the HVPA Node for research use prior to sharing taking place.